Lines Matching full:execsnoop
4 # execsnoop Trace new processes via exec() syscalls.
7 # USAGE: execsnoop [-h] [-T] [-t] [-x] [--cgroupmap CGROUPMAP]
53 ./execsnoop # trace all exec() syscalls
54 ./execsnoop -x # include failed exec()s
55 ./execsnoop -T # include time (HH:MM:SS)
56 ./execsnoop -P 181 # only trace new processes whose parent PID is 181
57 ./execsnoop -U # include UID
58 ./execsnoop -u 1000 # only trace UID 1000
59 ./execsnoop -u user # look up the user's UID and trace only that user
60 ./execsnoop -t # include timestamps
61 ./execsnoop -q # add "quotemarks" around arguments
62 ./execsnoop -n main # only print command lines containing "main"
63 ./execsnoop -l tpkg # only print commands whose arguments contain "tpkg"
64 ./execsnoop --cgroupmap mappath # only trace cgroups in this BPF map
65 ./execsnoop --mntnsmap mappath # only trace mount namespaces in the map